Bug#828577: The patch is upstream
Hi Pierre, Are there any problems for releasing the tpm-tools 1.3.9? As we last discussed, tpm-tools should work with openssl 1.1. if you could just disable the PKCS#11 support, which has been obsolete and yet Debian turned on by default. Please let me know if I can assist. Ubuntu would like to get the most up-to-date tpm-tools in the coming release, and Ubuntu can't inherit that if Debian doesn't release the package before release freeze.. Regards, Vicky
Bug#828577: The patch is upstream
On Tue, 06 Dec 2016 17:38:01 -0500 "Hon Ching(Vicky) Lo"wrote: > On Sun, 2016-11-20 at 18:04 +0100, Pierre Chifflier wrote: > > On Thu, Nov 17, 2016 at 07:47:56PM -0500, Hon Ching(Vicky) Lo wrote: > > > On Thu, 2016-11-17 at 16:29 -0500, Hon Ching(Vicky) Lo wrote: > > > > Hi > > > > > > > > The patch is upstream: > > > > https://sourceforge.net/p/trousers/tpm-tools/ci/6fb8a3c5ad3bc6e62f6895a4fcf3540faa29b4f2/ > > > > > > > > > > > > Thanks, > > > > Vicky > > > > > > The patch above is based off the latest code in tpm-tools 1.3.9. Please > > > rebase to tpm-tools 1.3.9 to pick up the patch instead. Thanks! > > > > > > > Hi, > > > > Version 1.3.9 does not fix the build with OpenSSL 1.1. It still fails > > with the following error: > > > > gcc -DHAVE_CONFIG_H -I. -I../.. -I../../include -D_LINUX -Wdate-time > > -D_FORTIFY_SOURCE=2 -g -O2 > > -fdebug-prefix-map=/home/pollux/DEBIAN/TPM-TOOLS/tpm-tools=. > > -fstack-protector-strong -Wformat -Werror=format-security -m64 -Wall > > -Wno-unused -Wno-implicit-function-declaration -Wreturn-type -Wsign-compare > > -c -o data_import.o data_import.c > > data_import.c: In function ‘readX509Cert’: > > data_import.c:375:26: error: dereferencing pointer to incomplete type > > ‘EVP_PKEY {aka struct evp_pkey_st}’ > > if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) { > > ^~ > > In file included from /usr/include/openssl/asn1.h:24:0, > > from /usr/include/openssl/rsa.h:16, > > from data_import.c:34: > > data_import.c: In function ‘createRsaPubKeyObject’: > > data_import.c:694:34: error: dereferencing pointer to incomplete type > > ‘RSA {aka struct rsa_st}’ > > int nLen = BN_num_bytes( a_pRsa->n ); > > ^ > > Makefile:524: recipe for target 'data_import.o' failed > > > > OpenSSL decided not to allow access to these fields anymore. At this > > point, I have no idea on how to fix this. > > > > Best regards, > > Pierre > > > Hi Pierre, > > > OpenCryptoki builds the TPM token that can communicate with a TPM. > Thus, the PKCS#11 support in tpm-tools wasn't necessary. The build > in version 1.3.9 does not include the pkcs#11 support by default. > If Debian enables that support by default, please disable it. > I have cherry-picked upstream patches for opencryptoki into experimental and it builds against openssl 1.1 there. Could you please update tpm-tools to 1.3.9 in experimental, and if everything buids and is fine it should be good to go into unstable too, no? Or is there more porting to do in the optional code? Note, Debian by default, enables as many features in packages as practically useful and possible. Why should we regress feature parity in the new release? Regards, Dimitri.
Bug#828577: The patch is upstream
On Sun, 2016-11-20 at 18:04 +0100, Pierre Chifflier wrote: > On Thu, Nov 17, 2016 at 07:47:56PM -0500, Hon Ching(Vicky) Lo wrote: > > On Thu, 2016-11-17 at 16:29 -0500, Hon Ching(Vicky) Lo wrote: > > > Hi > > > > > > The patch is upstream: > > > https://sourceforge.net/p/trousers/tpm-tools/ci/6fb8a3c5ad3bc6e62f6895a4fcf3540faa29b4f2/ > > > > > > > > > Thanks, > > > Vicky > > > > The patch above is based off the latest code in tpm-tools 1.3.9. Please > > rebase to tpm-tools 1.3.9 to pick up the patch instead. Thanks! > > > > Hi, > > Version 1.3.9 does not fix the build with OpenSSL 1.1. It still fails > with the following error: > > gcc -DHAVE_CONFIG_H -I. -I../.. -I../../include -D_LINUX -Wdate-time > -D_FORTIFY_SOURCE=2 -g -O2 > -fdebug-prefix-map=/home/pollux/DEBIAN/TPM-TOOLS/tpm-tools=. > -fstack-protector-strong -Wformat -Werror=format-security -m64 -Wall > -Wno-unused -Wno-implicit-function-declaration -Wreturn-type -Wsign-compare > -c -o data_import.o data_import.c > data_import.c: In function ‘readX509Cert’: > data_import.c:375:26: error: dereferencing pointer to incomplete type > ‘EVP_PKEY {aka struct evp_pkey_st}’ > if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) { > ^~ > In file included from /usr/include/openssl/asn1.h:24:0, > from /usr/include/openssl/rsa.h:16, > from data_import.c:34: > data_import.c: In function ‘createRsaPubKeyObject’: > data_import.c:694:34: error: dereferencing pointer to incomplete type ‘RSA > {aka struct rsa_st}’ > int nLen = BN_num_bytes( a_pRsa->n ); > ^ > Makefile:524: recipe for target 'data_import.o' failed > > OpenSSL decided not to allow access to these fields anymore. At this > point, I have no idea on how to fix this. > > Best regards, > Pierre > Hi Pierre, OpenCryptoki builds the TPM token that can communicate with a TPM. Thus, the PKCS#11 support in tpm-tools wasn't necessary. The build in version 1.3.9 does not include the pkcs#11 support by default. If Debian enables that support by default, please disable it. Thanks, Vicky
Bug#828577: The patch is upstream
On Thu, Nov 17, 2016 at 07:47:56PM -0500, Hon Ching(Vicky) Lo wrote: > On Thu, 2016-11-17 at 16:29 -0500, Hon Ching(Vicky) Lo wrote: > > Hi > > > > The patch is upstream: > > https://sourceforge.net/p/trousers/tpm-tools/ci/6fb8a3c5ad3bc6e62f6895a4fcf3540faa29b4f2/ > > > > > > Thanks, > > Vicky > > The patch above is based off the latest code in tpm-tools 1.3.9. Please > rebase to tpm-tools 1.3.9 to pick up the patch instead. Thanks! > Hi, Version 1.3.9 does not fix the build with OpenSSL 1.1. It still fails with the following error: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../include -D_LINUX -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -fdebug-prefix-map=/home/pollux/DEBIAN/TPM-TOOLS/tpm-tools=. -fstack-protector-strong -Wformat -Werror=format-security -m64 -Wall -Wno-unused -Wno-implicit-function-declaration -Wreturn-type -Wsign-compare -c -o data_import.o data_import.c data_import.c: In function ‘readX509Cert’: data_import.c:375:26: error: dereferencing pointer to incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’ if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) { ^~ In file included from /usr/include/openssl/asn1.h:24:0, from /usr/include/openssl/rsa.h:16, from data_import.c:34: data_import.c: In function ‘createRsaPubKeyObject’: data_import.c:694:34: error: dereferencing pointer to incomplete type ‘RSA {aka struct rsa_st}’ int nLen = BN_num_bytes( a_pRsa->n ); ^ Makefile:524: recipe for target 'data_import.o' failed OpenSSL decided not to allow access to these fields anymore. At this point, I have no idea on how to fix this. Best regards, Pierre
Bug#828577: The patch is upstream
On Thu, 2016-11-17 at 16:29 -0500, Hon Ching(Vicky) Lo wrote: > Hi > > The patch is upstream: > https://sourceforge.net/p/trousers/tpm-tools/ci/6fb8a3c5ad3bc6e62f6895a4fcf3540faa29b4f2/ > > > Thanks, > Vicky The patch above is based off the latest code in tpm-tools 1.3.9. Please rebase to tpm-tools 1.3.9 to pick up the patch instead. Thanks! Vicky
Bug#828577: The patch is upstream
Hi The patch is upstream: https://sourceforge.net/p/trousers/tpm-tools/ci/6fb8a3c5ad3bc6e62f6895a4fcf3540faa29b4f2/ Thanks, Vicky